wpa/wpa2 on logs
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Wed Oct 14 15:38:40 CEST 2009
Hi,
> Hmm, just thought, some vendors may include the information in the RADIUS packet as VSAs (Vendor Specific Attributes).
>
> Might be worth running the server in debugging mode (radiusd -X) and see what your wireless controllers
> are actually sending in Access-Request packets.
>
> So although you won't get the info in the EAP Tunnel, you may find it's available in the RADIUS Access-request
> packets.
I thought the same thing - so had a quick look at our incoming RADIUS Access-Requests etc...
and nothing useful buried there - but there again, I havent looked at the other end
yet to see if there are other options or VSAs that can be used - we can currently get
such info from the wireless control system - so that information is being passed from
the LWAPP/CAPWAP systems to the controller - and a suitable SNMP to the WCS from the
RADIUS server would allow you to tie the two together (best done out of band!) ..
this is probably a useful step for any site wondering whether to drop WPA/TKIP
support for example (for security - move to WPA2/AES) - you'd need to see how
many non-AES clients you had before the change......
alan
More information about the Freeradius-Users
mailing list